DASHLANE EXPLAINS: Military Grade Encryption

What comes to your mind when you think of our military grade encryption? Hopefully you feel assured that it means your personal data and passwords are safe, secure and sophisticatedly scrambled – which it is – but do you actually know what it means?

Our guess is many of you might be a bit unsure of the facts, so we thought we’d break it down in today’s blog post so you know exactly how your data is being protected. Sound good?

Let’s start with the basics…What’s encryption?

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. It transforms data that you send across the internet into a format which is only readable when in possession of a decryption key, which provides the code to decipher the encryption.

What’s this encryption key and how does it keep my data safe?

Think of sending a letter to someone in a secret language which needs a special dictionary to translate it. The secret language would be the encryption and the dictionary would be the decryption key. Only when someone has both can they then read that message. Providing of course that the secret language is sophisticated enough to not be broken without the key. Make sense?

Got it. So what makes your encryption “military grade”? What does that mean?

Military grade encryption refers to what’s called AES-256 encryption. Short for Advanced Encryption Standard, it was the first publicly accessible and open cipher approved by the National Security Agency (NSA) to protect information at a “Top Secret” level. It is now widely-accepted as the strongest encryption there is – and used by governments, militaries, banks and other organizations across the world to protect sensitive data.

How does it work?

Remember we mentioned that the “secret language” needs to be complicated so it is tough to crack? Well, AES is just that. It’s is based on a system of encoding called the Rijndael cipher, developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. In simple terms, it divides your data into blocks of 128 bits each, and then uses the encryption key – made up of 256 bits – to scramble them beyond all recognition using 14 different rounds of encryption.

How complex is the key?

The number of possible keys this 256-bit system allows is 2 to the power 256 – that’s a number that is 78 digits long. And to use AES, both the sender and the receiver must know and use the same secret 256-bit key. In Dashlane’s case, that is derived from your Master Password.

What do you mean, “derived”?

Dashlane uses another layer of protection – a method called PBKDF2 (Password-Based Key Derivation Function 2). This takes your password and applies random data – known as a salt – before scrambling it again many times over to produce a sophisticated cryptographic key.

Has AES ever been cracked?

No. A Microsoft research paper published in 2011 suggested that it was theoretically possible to recover an AES key using a technique called a biclique attack. But even breaking a 128-bit key (far less complex than Dashlane’s 256-bit system) would take billions of years with current computing power – and require storing about 38 trillion terabytes of data, which is more than all the data on all the computers on the planet.

So my data and passwords are safe with Dashlane?

There is no record of the 256-bit key or your Master password anywhere in the universe – not on your device, never on our servers and never transmitted on the web. If your data is intercepted, the encryption means that no-one will be able to decipher it.